get_mm_cmdline and userspace (Perl) changing argv0

From: Jakub Jankowski <shasta@toxcorp.com>
To: linux-kernel@vger.kernel.org
Subject: get_mm_cmdline and userspace (Perl) changing argv0
Date: Fri, 5 Apr 2019 23:50:01 +0200 (CEST)	[thread overview]
Message-ID: <alpine.LNX.2.21.1904052326230.3249@kich.toxcorp.com> (raw)

Starting with 4.18 we noticed changing own commandline in Perl by setting 
$0 leads to (a bit) surprising results.

As long as we're setting $0 to something longer than the initial argv0, 
everything works (almost) as expected: reading from /proc/$$/cmdline 
yields what we set $0 to, followed by a single NULL byte.

However, when setting $0 to something shorter, doing the same yields what 
we set $0 to, then a single NULL byte, then thousands (depending on the 
size of the environment) of ' ' (0x20), and then a single NULL.

$ for i in $(seq 1 10); do
    perl -e '$0 = "1234567890"x'"$i"'; print `cat /proc/$$/cmdline`;' | wc -c;
   done
3291
3291
3291
3291
3291
3291
71
81
91
101
$

This leads to weird output of commands like "ps axufww", where a 
daemonized Perl script that had changed its $0 shows up as a long, mostly 
empty line on the process list.

We've seen this on both Perl 5.20 and 5.28, and Perl's code handling 
changes to $0 hasn't really changed since: 
https://perl5.git.perl.org/perl.git/blob/HEAD:/mg.c#l2673

Reverting commit 5ab8271899658042fabc5ae7e6a99066a210bc0e ("fs/proc: 
simplify and clarify get_mm_cmdline() function") in kernel, however, seems 
to restore previous behavior (no NULL byte at the end):

$ for i in $(seq 1 10); do
    perl -e '$0 = "1234567890"x'"$i"'; print `cat /proc/$$/cmdline`;' | wc -c;
   done
10
20
30
40
50
60
70
80
90
100
$

Has anybody else seen / been bothered by this?

Regards,
  Jakub.

-- 
Jakub Jankowski|shasta@toxcorp.com|https://toxcorp.com/
GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D